
Tag

#chrome

CVE-2023-45471: GitHub - itsAptx/CVE-2023-45471

The QAD Search Server is vulnerable to Stored Cross-Site Scripting (XSS) in versions up to, and including, 1.0.0.315 due to insufficient checks on indexes. This makes it possible for unauthenticated attackers to create a new index and inject a malicious web script into its name, which will execute whenever a user accesses the search page.

Hackers Exploit QR Codes with QRLJacking for Malware Distribution

By Deeba Ahmed. Researchers report a surge in QR code-related cyberattacks exploiting phishing and malware distribution, especially QRLJacking and Quishing attacks. This is a post from HackRead.com.

North Korea's Kimsuky Doubles Down on Remote Desktop Control

The sophisticated APT employs various tactics to abuse Windows and other built-in protocols with both custom and public malware to take over victim systems.

The Fake Browser Update Scam Gets a Makeover

One of the oldest malware tricks in the book -- hacked websites claiming visitors need to update their Web browser before they can view any content -- has roared back to life in the past few months. New research shows the attackers behind one such scheme have developed an ingenious way of keeping their malware from being taken down by security experts or law enforcement: By hosting the malicious files on a decentralized, anonymous cryptocurrency blockchain.

Fantom Foundation Suffers Wallet Hack Via Google Chrome 0-Day Flaw

By Waqas. The Fantom Foundation has acknowledged the breach and is currently conducting an investigation after hackers managed to steal more than $550,000 in cryptocurrency. This is a post from HackRead.com.

Watch Out: Attackers Are Hiding Malware in 'Browser Updates'

Updating your browser when prompted is a good practice, just make sure the notification comes from the vendor themselves.

CVE-2023-43959: OffSec’s Exploit Database Archive

An issue in YeaLinkSIP-T19P-E2 v.53.84.0.15 allows a remote privileged attacker to execute arbitrary code via a crafted request to the ping function of the diagnostic component.

CVE-2023-45659: Session is not expiring after password reset

Engelsystem is a shift planning system for chaos events. If a user's password is compromised and an attacker has gained access to the user's account, i.e., logged in and obtained a session, the attacker's session is not terminated when the user's account password is reset. This vulnerability has been fixed in the commit `dbb089315ff3d`. Users are advised to update their installations. There are no known workarounds for this vulnerability.

CVE-2023-45542: GitHub - ahrixia/CVE-2023-45542: mooSocial v3.1.8 is vulnerable to cross-site scripting on search function.

Cross Site Scripting vulnerability in mooSocial 3.1.8 allows a remote attacker to obtain sensitive information via a crafted script to the q parameter in the Search function.